Due to the critical and confidential nature of the data being exchanged, all clients must adhere to the stated rules for implementing a webhook to eliminate potential risks.
Your webhook should meet the following minimum performance requirements
- Must be a HTTPS endpoint
- Respond to all webhook events with a
- Respond to all webhook events in
5seconds or less
The HTTP request will contain an
X-Hub-Signature header which contains the SHA1 signature of the request payload computed using the HMAC algorithm and the secret_key shared in advance, and prefixed with
Your callback endpoint should verify this signature to validate the integrity and origin of the payload.
Error Handling and Recovering
If any of the below 3 conditions are observed by Haptik Systems when:
- We cannot connect to your webhook
- Your webhook takes more than '5' seconds to return the response
- Your webhook returns non 2xx status code
- We will retry the request 6 times over the course of
60 minutes(Retry intervals: 5 seconds, 25 seconds, 125 seconds, 625 seconds, 1410 seconds, 1410 seconds).
- If the repeated webhook call are unsuccessful even after the last attempt we will automatically disable the webhook.
- Once the webhook is disabled, then new requests will be queued for a max duration of
60 minutes. Once the webhook is enabled by you, then we will attempt to deliver the requests.
- You can visit the Haptik Dashboard or use the REST API to activate the webhook if it is disabled.
Note: There can be multiple delivery requests within a short time span and it is the
client's responsibility to maintain ordering and QoS in case of failure to accept messages.